Lucius on Security

Expert advice on cybersecurity, cybersafety and cybercrime. Using real incidents, I explain why cyber risks occur, what form they take, and how they affect cybercitizens as individuals, employees, citizens and parents. Opinions expressed in this blog represent my personal views

Pages

Wednesday, July 26, 2017

The potential
for fake news to turn viral using social media is quite real. There have been
several instances where rumors have incited mob violence between rival
communities. The consequence got out of hand when illiterate tribals in a remote
Indian district received a Whatsapp message which claimed that children could
be kidnapped by a gang and their body parts sold. The message went viral in
these villages and mobs of upto 500 people pounced on strangers who they
suspected to the child kidnappers, in all there were two incidents where 7
people were lynched.

It is quite
apparent to every cybercitizen that fake or distorted news is on the rise.
Social media allows every individual a platform to disseminate such news or
information. Fake news is routinely posted for vested interest such as
political distortion, defamation, mischief, inciting trouble and to settle
personal problems.

As aptly illustrated in the case above, when
fake news goes viral the ill effects escalate to a point where they can cause
physical damage, loss of life or long-term animosity between sections of society.
Purposely-crafted fake/distorted news introduced over periods of time by vested
interests can distort perspectives and social harmony. Such news is effectively
used for ideological indoctrination.

Creation of
fake news is extremely simple. Listed below are six commonly used methods

·Individuals
concoct their own stories

·Marketers
release competitive advertisements based on unproven data

·Groups
with vested interests manipulate the volume and narrative of news.

·Photographs
are morphed

·Old
photographs are used to depict recent events

·Real
photographs are used to defame

Obviously, it
is also quite easy to catch the perpetrator. A few years back, a twitter hoax
was dealt with by a strong reprimand, but not today. Fake news, hoaxes, rumours
or any other type of content that results in incitement or defamation attract
stronger penalties and jail terms. Police are more aware and vigilant.

Most cybercitizens
unwitting help fake news go viral by recirculating it. It creates a sense of
belief that it must be true because the other person must have validated the
news before sending it.

Pause before forwarding, Evaluate veracity and then Forward.
Do not be that link in
the chain responsible for the circulation of Fake News

Cybercitizens,
do take care when crafting messages on social media – a little mischief may
provide you a few years in government paid accommodation – Jail. Advise your
children to be responsible and do cross check news received over social media
before recirculating or believing in it.

Monday, July 24, 2017

The question of
whether privacy is a fundamental right is being argued before the honorable
Supreme Court of India. It is a topic to which a young India is waking up too.
Privacy is often equated with Liberty, and young Indians wants adequate
protection to express themselves.

Privacy according to Wikipedia is the ability of an individual or group
to seclude themselves, or information about themselves, and thereby express themselves selectively. There
is little contention over the fact that privacy is an essential element of
Liberty and the voluntary disclosure of private information is both part of
human relationships and a digitized economy.

The reason for
debating data privacy is due to the inherent potential for surveillance and
disclosure of electronic records which constitute privacy such as sexual
orientation, medical records, credit card information, and email.

Disclosure
could take place due to wrongful use and distribution of the data such as for
marketing, surveillance by governments or outright data theft by cyber
criminals. In each case, a cybercitizens right to disclosure specific information
to specific companies or people, for a specific purpose is violated.

Citizens in
western countries are legally protected through data protection regulation. There
are eight principles designed to prevent unauthorized use of personal data by
government, organizations and individuals

Lawfulness, Fairness & Transparency

Personal data need to be processed based on the consent
given by data subjects. Companies have an obligation to tell data subjects
what their personal data will be used for. Data acquired cannot be sold
to other entities say marketers.

Purpose
limitation

Personal data collected for one purpose should not be used
for a different purpose. If data was collected to deliver an insurance
service, it cannot be used to market a different product.

Data
minimization

Organizations should restrict collection of personal data
to only those attributes needed to achieve the purpose for which consent from
the data subject has been received.

Accuracy

Data has to be collected, processed and used in a manner
which ensures that it is accurate. A data subject has to right to inspect and
even alter the data.

Storage
limitation

Personal data should be collected for a specific purpose
and not be retained for longer than necessary in relation to this purposes.

Integrity
and confidentiality

Organizations that collect this data are responsible for its
security against data thefts and data entry/processing errors that may alter
the integrity of data.

Accountability

Organizations are accountable for the data in their
possession

Cross
Border Personal information

Requirements.

Personal
information must be processed and stored
in secured environment which must be ensured if the data is processed
outside the border of the country

It is important
for cybercitizens to understand their privacy rights particularly in context of
information that can be misused for financial gain or to cause reputational
damage.

These scams
earned between 4 lakhs to 1.2 crore rupees (6000 – 200000 USD). Victims were
women in their 30’s who had posted their profiles on matrimonial portals. They
were emotionally blinded and trusted the online relationship.

The scams used
in reported cases in The Times of India, July 20, 2017, were custom harassment,
gift clearance or urgent need of money due to a financial or medical emergency.

31 year old nurse

Conned to accept a
parcel that apparently was to contain 15000 GBP ( approx. 12 lakhs)

Paid Rs 4.2 Lakhs ( 6000
USD) to a fake courier company

40 year woman

Conned to bail her
suitor out of a sticky payment at the customs

Paid 74 lakhs (11000 USD)
into several accounts

Young Woman

Conned to bail out her
UK based suitor as custom officials had caught him carrying a lot of pounds

Paid Rs 4.8 Lakhs (7000
USD)

35 year old woman

Conned into supporting
an allegedly US based suitor out of his financial difficulties

Paid Rs 1.2 Crore (184000 USD)

40 year old woman

Conned into bailing out
her UK suitor due to a sticky payment at customs

Paid Rs 4.65 Lakhs (7000
USD)

There will be a
large number of unreported scams as they involve threats of defamation using
explicit photos or video’s shared during the relationship.

I would again
remind cybercitizens, that conmen actively target you, use social engineering
techniques to gain your trust, and know how to hide themselves on the Internet.
These conmen are often difficult to trace or it is simply too expensive to do
so.

My
recommendation is to use common sense when in an untrusted and unverified
relationship. Any request for money should sound a loud buzzer in your brain. Do
not also share content of sexual nature which could later be used against you.

Awards

About Me

Security author and passionate blogger @LuciusonSecurity writing on risks that affect Internet users such as cyber crime, defamation, impersonation, privacy and security. Working hard to reduce cyber risks to some of the world's largest businesses. Find me on Twitter @luciuslobo or Linkedin at http://in.linkedin.com/in/luciuslobo